HTTP

Licence for this work

This work is produced by John Häggerud for the course Server-based Web Programming (1DV023/1DV523) at Linnaeus University.

All content in this work excluding photographs, icons, picture of course litterature and Linnaeus University logotype and symbol, is licensied under a
Creative Commons Attribution 4.0 International License.

You are free to

copy and redistribute the material in any medium or format
spread the whole or parts of the content
show the whole or parts of the content publicly and digital
convert the content to another format
change the content

If you change the content do not use the photographs, icons, picture of the course literature or Linnaeus University logotype and symbol in your new work!

At all times you must give credit to: ”Linnaeus university – Server-based Web Programming (1DV023)” with the link https://coursepress.lnu.se/kurs/serverbaserad-webbprogrammering/ and to the Creative Common-license above.

HTTP

Client / server architecture
- Request / Response
Stateless, no session
No built-in security
- HTTPS is HTTP with a layer of security
HTTP is a text-based protocol

HTTP 0.9 (1991)
HTTP 1.0 (1996)
HTTP 1.1 (1997)
- https://tools.ietf.org/html/rfc2616
HTTP/2 (May 2015)
HTTP/3 (...)

Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C)

HTTP request

Request-Line
Headers, request header fields
Message body

HTTP response

Status-Line
Headers, response header fields
Message body

HTTP Methods (verbs)

From Client to Server*

Verbs	Actions
GET	Get data; search result	safe, idempotent
POST	Create data	unsafe, not idempotent
PUT	Update data	unsafe, idempotent
PATCH	Partial update of resource	unsafe, not idempotent
DELETE	Delete a resource	unsafe, idempotent
HEAD	Just get headers	safe, idempotent
OPTIONS	Check what the server can do	safe, idempotent

Status codes - Server to client

1xx - Informational
- 101 Switching Protocols
2xx - Successful
- 200 OK, 201 Created, 204 No Content
3xx - Redirection
- 302 Found (follow "Location"), 304 Not Modified
4xx - Client Error
- 400 Bad request, 401 Unauthorized, 403 Forbidden
5xx - Server Error
- 500 Internal Server Error

All this headers and status codes...?

https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
- https://http.cat/
Custom headers?
- X-my-custom-header

In what format will data be sent?

Client to Server (Accept, Accept-encoding)

Server to client (Content-Type, Content-Encoding)

MIME type (text/html, application/json)
The server should use gzip on text files > 1-2 Kb

Client to server

User-Agent:
- Identifying the client (do not trust)
- Web spiders/crawlers - Filter out in logs
Authorization:
- HTTP built in authentication
- Sending tokens to API

Server to client

Server:
- Identifying the server (do not trust)

If HTTP is stateless how does the server know that a user is logged in?

In the response

Set-Cookie:
- PHPSESSID=1p0sptqdupf47lefnti1j1fg40 Path=/admin

In the request

Cookie:
- PHPSESSID=1p0sptqdupf47lefnti1j1fg40

Cache

The ability to temporary store resources like HTML, images, css, script closer to the client to reduce traffic

Expires:
- Using a HTTP Date to tell client how long to cache
- expires:Wed, 30 Jan 2019 14:00:00 GMT
Cache-Control:
- More abilities to set cache; max-age (seconds), public/private
- cache-control: public, max-age=86400
- cache-control: private, max-age=0, no-cache
ETag
- An id calculated by the server to check against